Security Guard

Review

Audited by ClawScan on May 10, 2026.

Overview

This looks like a local security helper, but as shipped its check() may report high-risk actions as allowed before any approval has been confirmed, and its constructor may ignore the caller's custom permission settings.

Review carefully before relying on this as a security control. Do not use it as the only approval or authorization layer until high-risk confirmation and custom role handling are fixed and tested; also keep audit logs protected and avoid logging secrets.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An application or agent that treats allowed=true as permission to proceed could run a sensitive operation without an actual human confirmation step.

Why it was flagged

High-risk actions are marked as needing confirmation, but check() still logs success and returns allowed=true, so approval enforcement is left to caller behavior rather than failing closed.

Skill content
if (riskLevel === 'high') {
  result.checks.riskLevel = riskLevel;
  result.requiresConfirmation = true;

  await this.auditLogger.logHighRisk({ ... });
}

// 4. Write the audit log entry
await this.auditLogger.log({ ... status: 'success', ... });

result.allowed = true;
return result;
Recommendation

Make high-risk checks return a pending or denied state until confirm() succeeds, and document a required fail-closed confirmation flow.

What this means

Users may believe they configured a narrower RBAC policy while the runtime uses different built-in permissions, creating an unexpected authorization boundary.

Why it was flagged

The constructor accepts a config object, but the code shown initializes built-in roles and permissions instead of applying the caller-provided roles/defaultRole from the documented configuration examples.

Skill content
constructor(config = {}) {
    super();
    this.roles = new Map();
    ...
    this.defineRole('admin', {
      permissions: ['*'],
      description: 'Full access'
    });
    
    this.defineRole('user', {
      permissions: [
        'file:read',
        'file:write:home',
        'web:read',
        'exec:safe',
        'memory:read',
        'memory:write'
      ],
Recommendation

Apply and validate the supplied permission configuration, test strict/default-role behavior, and clearly document any built-in roles that remain active.
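As an added example (not the skill's own code), a constructor that applies the supplied roles/defaultRole and refuses to start on a configuration it cannot honour. The built-in admin and user roles and the 'file:write:home' style permission strings are taken from the finding; the config shape { roles, defaultRole, strict }, the permission-string validation and the describe() helper are assumptions.

```javascript
// Assumption: config is { roles, defaultRole, strict }. The finding mentions
// roles/defaultRole; strict mode is added here as a fail-closed option.
const BUILTIN_ROLES = {
  admin: { permissions: ['*'], description: 'Full access' },
  user: {
    permissions: ['file:read', 'file:write:home', 'web:read', 'exec:safe', 'memory:read', 'memory:write'],
    description: 'Standard user',
  },
};

const PERMISSION_SHAPE = /^[a-z]+(:[a-z_]+)*(:\*)?$/;

class PermissionManager {
  constructor(config = {}) {
    this.roles = new Map();
    this.strict = config.strict === true;

    // Built-ins are installed only when the caller supplies no roles at all;
    // strict mode never installs them, so a strict caller must define roles.
    const roles = config.roles || (this.strict ? {} : BUILTIN_ROLES);
    for (const [name, def] of Object.entries(roles)) this.defineRole(name, def);

    // Validate defaultRole against what is actually defined instead of
    // falling back silently to a built-in name.
    const defaultRole = config.defaultRole ?? 'user';
    if (!this.roles.has(defaultRole)) {
      const defined = [...this.roles.keys()].join(', ') || 'none';
      throw new Error(`defaultRole "${defaultRole}" is not a defined role (defined: ${defined})`);
    }
    this.defaultRole = defaultRole;
  }

  defineRole(name, { permissions, description = '' } = {}) {
    if (!Array.isArray(permissions) || permissions.length === 0) {
      throw new Error(`role "${name}" defines no permissions`);
    }
    for (const p of permissions) {
      if (p !== '*' && !PERMISSION_SHAPE.test(p)) throw new Error(`role "${name}": malformed permission "${p}"`);
      if (this.strict && p.includes('*')) throw new Error(`role "${name}": wildcards are not allowed in strict mode`);
    }
    this.roles.set(name, { permissions: [...permissions], description });
  }

  // Grants on exact match, a trailing 'prefix:*' wildcard, or the global '*'.
  hasPermission(roleName, permission) {
    const role = this.roles.get(roleName ?? this.defaultRole);
    if (!role) return false;
    return role.permissions.some(
      (p) => p === '*' || p === permission || (p.endsWith(':*') && permission.startsWith(p.slice(0, -1))),
    );
  }

  // What is actually active, for documentation and startup logging.
  describe() {
    return {
      strict: this.strict,
      defaultRole: this.defaultRole,
      roles: [...this.roles.entries()].map(([name, r]) => ({ name, permissions: r.permissions })),
    };
  }
}

// Constructed configuration for a stand-alone run.
function demo() {
  const custom = new PermissionManager({
    roles: { reader: { permissions: ['file:read', 'web:read'], description: 'Read only' } },
    defaultRole: 'reader',
  });
  let strictWithoutRoles = 'constructed';
  try { new PermissionManager({ strict: true }); } catch (e) { strictWithoutRoles = e.message; }
  return {
    active: custom.describe(),
    readerCanRead: custom.hasPermission('reader', 'file:read'),
    readerCanExec: custom.hasPermission('reader', 'exec:safe'),
    defaultIsReader: custom.hasPermission(undefined, 'web:read'),
    adminPresent: custom.roles.has('admin'),
    strictWithoutRoles,
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

With a caller-supplied roles map, no built-in role survives, so describe() at startup is the authoritative list of what the runtime will enforce; a misspelled defaultRole or a malformed permission string aborts construction rather than widening access.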

What this means

Audit logs may retain sensitive operation metadata or details on disk if callers include secrets or private resource names.

Why it was flagged

The audit logger writes persistent local records containing user, action, resource, status, and details fields.

Skill content
this.logDir = config.logDir || './audit-logs';
...
      userId: operation.userId || 'anonymous',
      action: operation.action,
      resource: operation.resource,
      status: operation.status || 'success',
      details: operation.details || {},
...
      await fs.appendFile(logFile, entries, 'utf-8');
Recommendation

Store logs in a protected directory, avoid placing secrets in details/resource fields, and configure retention/cleanup appropriately.